
Securing the Invisible: Hidden Tech Threatens National Security

  • Editorial Staff
  • 23. 5.
  • Reading time: 6 minutes

Updated: 22. 8.

Unmasking Hardware Backdoors: From Code to Circuit, Why Securing Physical Components Is Key to National Cyber Defense.



Prepared May 2025

Author: Luca Pellegrini


Close-up view of a circuit board, highlighting the intricate components and potential security vulnerabilities.






Situation Overview


Recent investigations have unveiled a disturbing reality: critical infrastructure equipment, particularly Chinese-manufactured solar inverters and batteries, may conceal rogue communication devices capable of undermining national and public security.


Reports by the Australian Strategic Policy Institute (ASPI), Reuters, and The Economic Times highlight the growing risk of hardware-based cyber intrusions in systems central to national power grids and public utilities.


These findings are not speculative. U.S. energy officials and cybersecurity analysts have discovered undocumented cellular radios and communication modules embedded within power inverters.


These hidden components are capable of bypassing firewalls and operating without detection under conventional cybersecurity protocols. In the worst-case scenario, these devices could be remotely triggered to disrupt grid operations, steal data, or even act as launching points for broader cyberattacks.


This adds a physical dimension to cybersecurity, requiring not only digital vigilance but also scrutiny of the hardware supply chain.


A deep analysis warns that physical equipment—just like software—can be turned into vectors for espionage or sabotage. The components in question may be capable of passive data gathering or active command-and-control operations. Since these rogue modules are not documented or listed in standard datasheets, their presence often goes unnoticed by importers, resellers, and even national regulators.


In response to this evolving threat landscape, governments must take decisive and multi-layered action. A foundational shift is needed from software-centric protection to a zero-trust model that includes hardware. 


Every device introduced into national infrastructure must be treated as untrusted until verified. This can be achieved through cryptographic device attestation, runtime firmware integrity checks, and physical tamper detection systems embedded within mission-critical hardware.




A closer look at hidden IoT devices


Hidden IoT devices—such as micro cameras, microphones, and RF receivers—are typically small, low-cost, and low-power, making them easy to conceal in indoor environments for covert surveillance.


These devices can be hidden in everyday objects or carried by individuals to secretly record audio, video, or other sensitive information. They may operate in two primary modes:


Wireless Transmission: Some devices transmit captured data (audio/video) wirelessly to an external receiver.


Local Storage: Others store the data locally (e.g., on an SD card) to avoid detection by network monitoring tools.


A key technical aspect is that all electronic devices, including hidden IoT devices, unintentionally emit electromagnetic (EM) waves, known as emanations, during their operation.


These emanations are byproducts of the device's internal clock and computational activities, and their patterns can be unique to each device's hardware architecture. Even if the device is not actively transmitting data over a network, these EM emanations can still be detected.




Threats Posed by Hidden IoT Devices


Hidden IoT devices introduce several significant threats:


  • Privacy Invasion: They can record private conversations, monitor daily activities, and collect sensitive information without consent.

  • Corporate Espionage: In offices, they may be used to steal intellectual property, confidential business discussions, or employee data.

  • Data Breaches: Devices with wireless capabilities can transmit stolen data to remote attackers, potentially leading to large-scale data breaches.

  • Network Vulnerabilities: Even legitimate IoT devices, if compromised or poorly secured, can serve as entry points for attackers, enabling lateral movement within a network.

  • Difficulty in Detection: Many hidden devices do not transmit data over the network and can operate in passive recording modes, making them invisible to traditional network-based security tools.





Detection Methods



Passive EM Emanation Detection


RFScan is a system that passively detects, fingerprints, and localizes hidden IoT devices by analyzing their unintentional EM emanations. The detection process involves:


Spectrum Scanning: Continuously scanning a wide frequency range (e.g., 100 MHz to 1 GHz) to capture all possible emanations.


Noise Floor Smoothing: Using median filtering to flatten the noise floor and improve the accuracy of spike (emanation) detection.


Non-Coherent Averaging: Averaging multiple time sweeps to strengthen the weak emanation signals and suppress random noise.


Signal Suppression: Subtracting baseline (known environment) EM signatures from current readings to remove ambient wireless signals and focus on new or suspicious emanations.


Fingerprinting: Extracting frequency and time-based features from the detected emanations and using a deep neural network to identify the specific type of IoT device.


Localization: Employing a directional antenna to determine the angle of arrival (AoA) of emanations and triangulating the device's position within the room.
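The first four stages of that pipeline (scanning, noise floor smoothing, non-coherent averaging, and baseline subtraction, the same baseline profile recommended under "What You Can Do" below) as an added toy simulation in Python. This is not code from the report or from RFScan: the frequency grid, power levels, ambient transmitters and the hidden device's clock frequencies are all constructed for illustration, and power is averaged in the dB domain for simplicity.

```python
import random
from statistics import median

FREQS_MHZ = list(range(100, 1001, 5))   # 100 MHz .. 1 GHz in 5 MHz bins (constructed)
AMBIENT_MHZ = {245, 435, 870}           # constructed: legitimate transmitters in the room
HIDDEN_MHZ = {310, 620}                 # constructed: hidden device clock and 2nd harmonic

def synth_sweep(rng, emitters, noise_db=-90.0, sigma_db=3.0):
    """One constructed analyser sweep: jittery noise floor, strong ambient
    signals, and a weak (+6 dB) emanation that a single sweep cannot resolve."""
    sweep = []
    for f in FREQS_MHZ:
        p = noise_db + rng.gauss(0.0, sigma_db)
        if f in AMBIENT_MHZ:
            p += 25.0
        if f in emitters:
            p += 6.0
        sweep.append(p)
    return sweep

def noncoherent_average(sweeps):
    """Average each bin over N sweeps: random noise spread shrinks by sqrt(N)
    while a steady emanation keeps its level (dB-domain average for simplicity)."""
    return [sum(s[i] for s in sweeps) / len(sweeps) for i in range(len(FREQS_MHZ))]

def flatten_floor(spectrum, width=9):
    """Noise-floor smoothing: subtract a running median so spikes stand out
    regardless of slow floor variation across the band."""
    h = width // 2
    return [x - median(spectrum[max(0, i - h):i + h + 1]) for i, x in enumerate(spectrum)]

def detect(current_flat, baseline_flat, threshold_db=3.0):
    """Signal suppression: subtract the flattened profile of the known-clean room,
    then flag bins that still rise above the threshold."""
    return [FREQS_MHZ[i] for i, (c, b) in enumerate(zip(current_flat, baseline_flat))
            if c - b > threshold_db]

def run(n_sweeps=64, seed=7):
    """Returns (bins flagged after averaging, bins flagged from one raw sweep)."""
    rng = random.Random(seed)
    # Baseline profile: recorded while the room is known to be clean.
    baseline = flatten_floor(noncoherent_average(
        [synth_sweep(rng, set()) for _ in range(n_sweeps)]))
    sweeps = [synth_sweep(rng, HIDDEN_MHZ) for _ in range(n_sweeps)]
    averaged = detect(flatten_floor(noncoherent_average(sweeps)), baseline)
    single = detect(flatten_floor(sweeps[0]), baseline)  # no averaging: noisy
    return averaged, single
```

Calling `run()` returns the two hidden-device bins from the averaged spectrum, while the single raw sweep flags dozens of spurious bins, which is why the averaging step matters for weak emanations.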




Limitations of Traditional Detection


Dedicated RF Detectors: Commonly used but require turning off all legitimate devices and cannot distinguish between multiple sources.


Sensor-Based Detection: Relies on visual cues (e.g., camera light indicators), which can be disabled by attackers.


Network Traffic Analysis: Ineffective if the device is not transmitting data or uses local storage only.


Active Excitation Methods: Involve stimulating devices with external signals (e.g., light, RF), which can alert attackers and may not work on all device types.




Practical Considerations


Detection Range: The strength of EM emanations decreases with distance and can be affected by shielding (plastic, metal) and multipath effects in indoor environments. RFScan demonstrated detection ranges up to 5 meters for some devices, but less for others.


Multiple Devices: Devices with different clock frequencies can be detected and separated; however, devices with similar frequencies may be harder to distinguish simultaneously.


Shielding: Covering devices with plastic or aluminum reduces emanation strength but does not eliminate it entirely, so detection remains possible unless the shielding is perfect.





What You Can Do to Detect Hidden IoT Devices


Deploy Passive EM Detection Tools: Use advanced systems like RFScan to continuously monitor indoor environments for new or suspicious EM emanations without needing network access or device stimulation.


Establish Baseline Profiles: Regularly scan and record the EM signature of your environment when it is known to be secure. This allows for more effective subtraction of ambient signals and identification of new devices.


Use Directional Antennas: For precise localization, use directional antennas to scan for the angle of arrival of detected emanations and triangulate the device’s position.


Regularly Update Detection Models: Continuously retrain fingerprinting models with new device profiles to improve recognition of emerging or unknown IoT devices.


Physical Inspection: In addition to technical methods, visually inspect rooms for unusual objects, small holes, or seams that could conceal a device, and use RF detectors for a quick sweep.


Shield Sensitive Areas: Consider using EM shielding materials in highly sensitive rooms to reduce the risk of undetected emanation-based surveillance.




Regulation and strategic countermeasures


Securing the hardware supply chain is an essential front. Governments should enforce mandatory independent security testing of imported devices before they are approved for integration into national systems.


Technologies such as side-channel analysis, reverse engineering platforms, and X-ray imaging scanners can also be used to detect the presence of undocumented chips or communication modules. Tools like ChipWhisperer, an open-source hardware hacking toolset, and JTAG boundary-scan testing allow forensic-level inspection of microcontrollers and integrated circuits.


Additionally, electromagnetic emission monitoring using devices like TEMPEST scanners can detect covert transmissions or abnormal signal behavior. Regulatory frameworks must evolve to keep pace. Governments should implement hardware security standards that require manufacturers to provide full component documentation and submit their products for independent verification.


Compliance must be strictly enforced, with significant penalties for violations or obfuscation. A longer-term strategic countermeasure involves reducing dependency on foreign-manufactured critical components.


By investing in domestic semiconductor and power infrastructure manufacturing, states can increase supply chain transparency and reduce exposure to foreign-manufactured threats.


International collaboration also plays a crucial role. Shared intelligence, multinational testing labs, and harmonized security protocols can create a cooperative global front against hardware-based intrusions. The coordination of cyber-defense initiatives through international alliances can bolster national resilience.





Conclusion


The discovery of rogue communication devices in solar infrastructure is not an isolated incident but a symptom of a deeper vulnerability in how nations approach infrastructure security. It demands a reevaluation of trust, procurement, and detection mechanisms.


National and public security in the digital age must be anchored in both bytes and bolts—equally protecting against invisible code and invisible circuits.


Only a comprehensive, technology-informed, and globally coordinated approach can ensure the resilience of modern infrastructure against these emerging threats.



CEPRODE EUROPE s.r.o.

Varšavská 715/36

120 00 Prague

Czech Republic

E-mail: info@ceprode.eu

Phone: +420 606 741 688

bottom of page